Description
[AppleSeed](https://attack.mitre.org/software/S0622) is a backdoor that has been used by [Kimsuky](https://attack.mitre.org/groups/G0094) to target South Korean government, academic, and commercial targets since at least 2021.(Citation: Malwarebytes Kimsuky June 2021)
External References
Techniques Used by This Malware
- T1005 — Data from Local System
- T1008 — Fallback Channels
- T1016 — System Network Configuration Discovery
- T1025 — Data from Removable Media
- T1027 — Obfuscated Files or Information
- T1027.002 — Software Packing
- T1030 — Data Transfer Size Limits
- T1036 — Masquerading
- T1036.005 — Match Legitimate Resource Name or Location
- T1041 — Exfiltration Over C2 Channel
- T1056.001 — Keylogging
- T1057 — Process Discovery
- T1059.001 — PowerShell
- T1059.007 — JavaScript
- T1070.004 — File Deletion
- T1071.001 — Web Protocols
- T1074.001 — Local Data Staging
- T1082 — System Information Discovery
- T1083 — File and Directory Discovery
- T1106 — Native API
- T1113 — Screen Capture
- T1119 — Automated Collection
- T1124 — System Time Discovery
- T1134 — Access Token Manipulation
- T1140 — Deobfuscate/Decode Files or Information
- T1204.002 — Malicious File
- T1218.010 — Regsvr32
- T1547.001 — Registry Run Keys / Startup Folder
- T1560 — Archive Collected Data
- T1560.001 — Archive via Utility
- T1566.001 — Spearphishing Attachment
- T1567 — Exfiltration Over Web Service